1. Field of the Invention
This invention relates generally to the field of computer processors and software. More particularly, the invention relates to an apparatus and method for securing a dynamic binary translation system.
2. Description of the Related Art
In prior binary translation implementations, the binary translation software is loaded from persistent storage such as the platform flash read only memory (ROM) into a predefined area in the system random access memory (RAM). The dynamically translated binary code is then stored in a part of the remaining system RAM, called the “Translation Cache.” The rest of the remaining memory is available for x86 software including the basic input output system (BIOS), operating system (OS) and applications. Prior solutions alternate between binary translation software execution for interpreting or translating the x86 binaries and translated code execution for executing the translated code.
Because prior implementations operate at single privilege level for accessing the processor resources (e.g., register states, memory regions, IO regions and the type of instructions), the binary translation memory configuration and the processor transitions between binary translation software execution and translated code execution lead to security vulnerabilities, allowing translated code to access system RAM, and maliciously modify the binary translation software. As another example, since the binary translation software code has full access to the entire memory, it can compromise data that belongs to the translator as well as translated code. These and other vulnerabilities can compromise the security of the binary translation software, or the security guarantees provided to the original translated code, or both.
The embodiments of the invention described herein provide techniques for mitigating some of these vulnerabilities.